On 7/20/05, Richard Fish <bigfish@××××××××××.org> wrote:
> Mark Knecht wrote:
>
> >Hi,
> >   I'm trying to get my mythfrontend box to allow a user to shut the
> >machine down without the use of a keyboard. We are only using remote
> >controls. sudo doesn't seem to be an option because it requires a
> >password. (AFAICT)
> >
> >   Is there some other way that I could make this work?
> >
>
> 2 options:
>
> 1. Sudo can be set up to allow some commands to be run without a
> password. I think this entry in /etc/sudoers should work:
>
> mythtv ALL = NOPASSWD: /sbin/shutdown

Yes, I have this working. My problem with this solution was slightly
deeper. To get MythTV to execute this command I have to put 'sudo
shutdown -h now' in a setup screen within the setup portion of
mythfrontend. In a general sense I don't know how to do that without a
keyboard being attached to the machine. So far I haven't found where
MythTV stores this information so that I could edit it from an ssh
login.

Granted I can attach a keyboard for a few minutes when the machine is
here at my house, but I'm hesitant to use a solution that I cannot fix
via ssh when the machine is remote at my folks' house.

>
> I have not tested this, so if something goes wrong, you'll have to try
> and figure out "man sudoers".
>
> 2. Create a setuid (chmod 4711 /sbin/shutdown_by_anyone.sh) shell script
> that runs shutdown. Be sure to export the PATH, and unset LD_PRELOAD
> and LD_LIBRARY_PATH variables at the very beginning of the script. Also
> make sure the interpreter line is "/bin/bash --". This doesn't fix all
> of the security holes with setuid shell scripts, just the most common
> and easiest to fix...

I don't know how this is much of a security issue for me, but then
again I don't know much about security, and I suppose it could be if
someone plugs a keyboard in and wants to cause some harm. Shame on
them, but good of you to consider it.

Thanks,
Mark

--
gentoo-user@g.o mailing list
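
Added example, not part of the original thread: the sudoers entry quoted above names /sbin/shutdown with no arguments, which lets mythtv run it with any arguments. The script below pins the rule to "shutdown -h now" and installs it over ssh only after visudo accepts the syntax. The drop-in file name is hypothetical, and it is an assumption that /etc/sudoers includes /etc/sudoers.d.

```shell
#!/bin/sh
# Added example: install a narrowly scoped sudoers rule over ssh without
# risking a broken sudoers file. Assumes /etc/sudoers has an includedir
# line for /etc/sudoers.d (an assumption; check before relying on it).

DROPIN=/etc/sudoers.d/mythtv-shutdown   # hypothetical drop-in name

# Emit the rule. Listing the arguments pins the match: sudo then permits
# only "shutdown -h now", not shutdown with arbitrary other arguments.
render_rule() {
    user=$1
    # Refuse anything that is not a plain account name, so the value
    # cannot carry extra sudoers syntax into the file.
    case $user in
        ''|*[!a-z0-9_-]*) echo "bad user name: $user" >&2; return 1 ;;
    esac
    printf '%s ALL = (root) NOPASSWD: /sbin/shutdown -h now\n' "$user"
}

# Write to a temp file, syntax-check it with visudo, then install it
# root-owned and mode 0440. A rejected rule never reaches /etc/sudoers.d.
install_rule() {
    user=$1
    tmp=$(mktemp) || return 1
    if render_rule "$user" > "$tmp" && visudo -cf "$tmp"; then
        install -o root -g root -m 0440 "$tmp" "$DROPIN"
        rc=$?
    else
        echo "rule rejected, nothing installed" >&2
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Run as root:  sh thisfile --install mythtv
# Then check:   sudo -l -U mythtv
if [ "${1:-}" = "--install" ]; then
    install_rule "${2:-mythtv}"
fi
```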